Re: [OAUTH-WG] OAuth Digest, Vol 58, Issue 72

"amir abdulahi " <amirabdulahi@hotmail.com> Wed, 21 August 2013 18:36 UTC


Amirabdulahi@hotmail.com.@nokia.com.@ovi.com.@yahoomail.com.@gmail.com
Sentall outlook from hotmail ovi my Nokia yahoo gmail facebook aol live msn other e-mail PhoneSoftwarOpera in likes CCLmailGoogle yahoomail


-----Original Message-----
From: oauth-request@ietf.org
Sent: 8/21/2013 4:46:56 PM
To: oauth@ietf.org
Subject: OAuth Digest, Vol 58, Issue 72

Today's Topics:

   1. Re: Audience parameter in authorization flow
      (Tschofenig, Hannes (NSN - FI/Espoo))
   2. Dynamic Client Registration Conference Call: Thu 22 Aug, 2pm
      PDT: Conference Bridge Details (Tschofenig, Hannes (NSN - FI/Espoo))
   3. (no subject)
   4. Re: Audience parameter in authorization flow (Phil Hunt)
   5. Re: Audience parameter in authorization flow (Hannes Tschofenig)
   6. Re: Audience parameter in authorization flow (Anthony Nadalin)
   7. Re: Audience parameter in authorization flow (Phil Hunt)


----------------------------------------------------------------------

Message: 1
Date: Wed, 21 Aug 2013 16:30:25 +0000
From: "Tschofenig, Hannes (NSN - FI/Espoo)"
        <hannes.tschofenig@nsn.com>
To: ext Sergey Beryozkin <sberyozkin@gmail.com>, "<oauth@ietf.org>"
        <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Audience parameter in authorization flow
Message-ID:
        <1373E8CE237FCC43BCA36C6558612D2AA272E8@USCHMBX001.nsn-intra.net>
Content-Type: text/plain; charset="us-ascii"

Hi Sergey,

The idea of the audience was to provide a way for the client to indicate the resource server it wants to talk to explicitly rather than overloading the scope field. We certainly need that capability for the MAC token work.

The audience information is provided when the client interacts with the AS.

Ciao
Hannes


> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of ext Sergey Beryozkin
> Sent: Sunday, August 18, 2013 6:32 PM
> To: <oauth@ietf.org>
> Subject: [OAUTH-WG] Audience parameter in authorization flow
>
> Hi Hannes, All,
>
> Regarding [1], where would you expect an audience parameter be provided
> during the authorization flow ?
>
> It appears to me it should be provided during the initial redirect
> (similarly to a parameter like redirect_uri).
>
> Also, would it make sense to support pre-registered audience values,
> example, a client registers and specifies an audience during the
> registration ?
>
> Thanks, Sergey
>
> [1] http://tools.ietf.org/html/draft-tschofenig-oauth-audience-00
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


------------------------------

Message: 2
Date: Wed, 21 Aug 2013 16:34:44 +0000
From: "Tschofenig, Hannes (NSN - FI/Espoo)"
        <hannes.tschofenig@nsn.com>
To: oauth mailing list <oauth@ietf.org>
Subject: [OAUTH-WG] Dynamic Client Registration Conference Call: Thu
        22 Aug, 2pm PDT: Conference Bridge Details
Message-ID:
        <1373E8CE237FCC43BCA36C6558612D2AA272FE@USCHMBX001.nsn-intra.net>
Content-Type: text/plain; charset="us-ascii"

Here is the conference bridge and Webex information.


------------------------------

Message: 3
Message-ID: <mailman.2439.1377103616.3815.oauth@ietf.org>

ly with what we have already in the dynamic client registration document (and folks may have actually missed it). There are two use cases described in the WG document, namely
 - Use Case #1: Open Registration (Appendix B.1)
 - Use Case #2: Protected Registration (Appendix B.2)

Then, we could talk about some more sophisticated use cases where information for protected registration is provided by a third party.

--------------------

Meeting Number: 702 442 101
Meeting Password: oauth

-------------------------------------------------------
To join the online meeting
-------------------------------------------------------
1. Go to https://nsn.webex.com/nsn/j.php?ED=268691357&UID=0&PW=NOTlkZjIwNTEy&RT=MiMzMA%3D%3D
2. Enter your name and email address.
3. Enter the meeting password: oauth
4. Click "Join Now".

To view in other time zones or languages, please click the link:
https://nsn.webex.com/nsn/j.php?ED=268691357&UID=0&PW=NOTlkZjIwNTEy&ORT=MiMzMA%3D%3D

-------------------------------------------------------
To join the teleconference only
-------------------------------------------------------
Global Dial-In Numbers: http://www.nokiasiemensnetworks.com/nvc
Conference Code: 944 910 5485


------------------------------

Message: 4
Date: Wed, 21 Aug 2013 09:35:10 -0700
From: Phil Hunt <phil.hunt@oracle.com>
To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Audience parameter in authorization flow
Message-ID: <CF5728A9-5271-4B57-A2B3-40A9FC1BC983@oracle.com>
Content-Type: text/plain; charset=us-ascii

This could be bound up in the client registration process since oauth clients don't authorize for random "targets".

Phil

@independentid
www.independentid.com<http://www.independentid.com>
phil.hunt@oracle.com







On 2013-08-21, at 9:30 AM, "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> wrote:

> Hi Sergey,
>
> The idea of the audience was to provide a way for the client to indicate the resource server it wants to talk to explicitly rather than overloading the scope field. We certainly need that capability for the MAC token work.
>
> The audience information is provided when the client interacts with the AS.
>
> Ciao
> Hannes
>
>
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
>> Of ext Sergey Beryozkin
>> Sent: Sunday, August 18, 2013 6:32 PM
>> To: <oauth@ietf.org>
>> Subject: [OAUTH-WG] Audience parameter in authorization flow
>>
>> Hi Hannes, All,
>>
>> Regarding [1], where would you expect an audience parameter be provided
>> during the authorization flow ?
>>
>> It appears to me it should be provided during the initial redirect
>> (similarly to a parameter like redirect_uri).
>>
>> Also, would it make sense to support pre-registered audience values,
>> example, a client registers and specifies an audience during the
>> registration ?
>>
>> Thanks, Sergey
>>
>> [1] http://tools.ietf.org/html/draft-tschofenig-oauth-audience-00



------------------------------

Message: 5
Date: Wed, 21 Aug 2013 18:40:59 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: Phil Hunt <phil.hunt@oracle.com>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Audience parameter in authorization flow
Message-ID: <5214ED9B.3070406@gmx.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

That's certainly true although the referenced document did not talk
about the registration phase but rather about the time when the client
talks to the authorization server to obtain an access token.

Maybe UMA has provided a story for this already...

On 08/21/2013 06:35 PM, Phil Hunt wrote:
> This could be bound up in the client registration process since oauth clients don't authorize for random "targets".
>
> Phil
>
> @independentid
> www.independentid.com<http://www.independentid.com>
> phil.hunt@oracle.com
>
>
>
>
>
>
>
> On 2013-08-21, at 9:30 AM, "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> wrote:
>
>> Hi Sergey,
>>
>> The idea of the audience was to provide a way for the client to indicate the resource server it wants to talk to explicitly rather than overloading the scope field. We certainly need that capability for the MAC token work.
>>
>> The audience information is provided when the client interacts with the AS.
>>
>> Ciao
>> Hannes
>>
>>
>>> -----Original Message-----
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
>>> Of ext Sergey Beryozkin
>>> Sent: Sunday, August 18, 2013 6:32 PM
>>> To: <oauth@ietf.org>
>>> Subject: [OAUTH-WG] Audience parameter in authorization flow
>>>
>>> Hi Hannes, All,
>>>
>>> Regarding [1], where would you expect an audience parameter be provided
>>> during the authorization flow ?
>>>
>>> It appears to me it should be provided during the initial redirect
>>> (similarly to a parameter like redirect_uri).
>>>
>>> Also, would it make sense to support pre-registered audience values,
>>> example, a client registers and specifies an audience during the
>>> registration ?
>>>
>>> Thanks, Sergey
>>>
>>> [1] http://tools.ietf.org/html/draft-tschofenig-oauth-audience-00



------------------------------

Message: 6
Date: Wed, 21 Aug 2013 16:45:36 +0000
From: Anthony Nadalin <tonynad@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Phil Hunt
        <phil.hunt@oracle.com>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Audience parameter in authorization flow
Message-ID:
        <1d4b764800be4cff991f02a91948d2c0@BY2PR03MB189.namprd03.prod.outlook.com>

Content-Type: text/plain; charset="us-ascii"

I think binding audience at registration time is too limiting as we see audience being on a per token request level and also see the audience being part of the restrictions for "act as" or "on behalf of" support

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Wednesday, August 21, 2013 9:41 AM
To: Phil Hunt
Cc: <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Audience parameter in authorization flow

That's certainly true although the referenced document did not talk about the registration phase but rather about the time when the client talks to the authorization server to obtain an access token.

Maybe UMA has provided a story for this already...

On 08/21/2013 06:35 PM, Phil Hunt wrote:
> This could be bound up in the client registration process since oauth clients don't authorize for random "targets".
>
> Phil
>
> @independentid
> www.independentid.com<http://www.independentid.com>
> phil.hunt@oracle.com
>
>
>
>
>
>
>
> On 2013-08-21, at 9:30 AM, "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> wrote:
>
>> Hi Sergey,
>>
>> The idea of the audience was to provide a way for the client to indicate the resource server it wants to talk to explicitly rather than overloading the scope field. We certainly need that capability for the MAC token work.
>>
>> The audience information is provided when the client interacts with the AS.
>>
>> Ciao
>> Hannes
>>
>>
>>> -----Original Message-----
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>>> Behalf Of ext Sergey Beryozkin
>>> Sent: Sunday, August 18, 2013 6:32 PM
>>> To: <oauth@ietf.org>
>>> Subject: [OAUTH-WG] Audience parameter in authorization flow
>>>
>>> Hi Hannes, All,
>>>
>>> Regarding [1], where would you expect an audience parameter be
>>> provided during the authorization flow ?
>>>
>>> It appears to me it should be provided during the initial redirect
>>> (similarly to a parameter like redirect_uri).
>>>
>>> Also, would it make sense to support pre-registered audience values,
>>> example, a client registers and specifies an audience during the
>>> registration ?
>>>
>>> Thanks, Sergey
>>>
>>> [1] http://tools.ietf.org/html/draft-tschofenig-oauth-audience-00


------------------------------

Message: 7
Date: Wed, 21 Aug 2013 09:46:39 -0700
From: Phil Hunt <phil.hunt@oracle.com>
To: Anthony Nadalin <tonynad@microsoft.com>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Audience parameter in authorization flow
Message-ID: <5AA05FFA-99AB-4702-BC20-C209FF26416C@oracle.com>
Content-Type: text/plain; charset=us-ascii

Yes.  The trade off is that each client_id becomes associated with a target.

Phil

@independentid
www.independentid.com<http://www.independentid.com>
phil.hunt@oracle.com







On 2013-08-21, at 9:45 AM, Anthony Nadalin <tonynad@microsoft.com> wrote:

> I think binding audience at registration time is too limiting as we see audience being on a per token request level and also see the audience being part of the restrictions for "act as" or "on behalf of" support
>
> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Wednesday, August 21, 2013 9:41 AM
> To: Phil Hunt
> Cc: <oauth@ietf.org>
> Subject: Re: [OAUTH-WG] Audience parameter in authorization flow
>
> That's certainly true although the referenced document did not talk about the registration phase but rather about the time when the client talks to the authorization server to obtain an access token.
>
> Maybe UMA has provided a story for this already...
>
> On 08/21/2013 06:35 PM, Phil Hunt wrote:
>> This could be bound up in the client registration process since oauth clients don't authorize for random "targets".
>>
>> Phil
>>
>> @independentid
>> www.independentid.com<http://www.independentid.com>
>> phil.hunt@oracle.com
>>
>>
>>
>>
>>
>>
>>
>> On 2013-08-21, at 9:30 AM, "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> wrote:
>>
>>> Hi Sergey,
>>>
>>> The idea of the audience was to provide a way for the client to indicate the resource server it wants to talk to explicitly rather than overloading the scope field. We certainly need that capability for the MAC token work.
>>>
>>> The audience information is provided when the client interacts with the AS.
>>>
>>> Ciao
>>> Hannes
>>>
>>>
>>>> -----Original Message-----
>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>>>> Behalf Of ext Sergey Beryozkin
>>>> Sent: Sunday, August 18, 2013 6:32 PM
>>>> To: <oauth@ietf.org>
>>>> Subject: [OAUTH-WG] Audience parameter in authorization flow
>>>>
>>>> Hi Hannes, All,
>>>>
>>>> Regarding [1], where would you expect an audience parameter be
>>>> provided during the authorization flow ?
>>>>
>>>> It appears to me it should be provided during the initial redirect
>>>> (similarly to a parameter like redirect_uri).
>>>>
>>>> Also, would it make sense to support pre-registered audience values,
>>>> example, a client registers and specifies an audience during the
>>>> registration ?
>>>>
>>>> Thanks, Sergey
>>>>
>>>> [1] http://tools.ietf.org/html/draft-tschofenig-oauth-audience-00



------------------------------



End of OAuth Digest, Vol 58, Issue 72
*************************************
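
Added example, not part of the original thread or of the referenced draft: a sketch of the two positions discussed above, with audiences fixed at registration acting as an allow-list and the audience chosen per token request, then enforced by the resource server. The `audience` parameter name, the client registry, the example.com URLs and the HMAC token format are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed registry: client_id -> audiences fixed at registration time.
REGISTERED_AUDIENCES = {
    "client-a": {"https://rs1.example.com"},
    "client-b": {"https://rs1.example.com", "https://rs2.example.com"},
}
AS_KEY = b"constructed-demo-key"  # AS/RS shared secret, for the demo only


class AudienceError(Exception):
    pass


def resolve_audience(client_id, requested=None):
    """AS side: choose the audience for one token request."""
    allowed = REGISTERED_AUDIENCES.get(client_id)
    if not allowed:
        raise AudienceError("unknown client")
    if requested is None:
        # Registration-only binding works when the client has one target.
        if len(allowed) == 1:
            return next(iter(allowed))
        raise AudienceError("audience required for this client")
    if requested not in allowed:
        raise AudienceError("audience not registered for this client")
    return requested


def issue_token(client_id, audience=None, ttl=300, now=None):
    """AS side: bind the resolved audience into a MAC-protected token."""
    now = time.time() if now is None else now
    claims = {"aud": resolve_audience(client_id, audience),
              "client_id": client_id, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + hmac.new(AS_KEY, body.encode(), hashlib.sha256).hexdigest()


def accept_token(token, my_audience, now=None):
    """RS side: reject tokens that were issued for a different server."""
    now = time.time() if now is None else now
    body, _, sig = token.rpartition(".")
    good = hmac.new(AS_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), good.encode()):
        raise AudienceError("bad token MAC")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] <= now:
        raise AudienceError("token expired")
    if claims["aud"] != my_audience:
        raise AudienceError("token issued for another resource server")
    return claims


if __name__ == "__main__":
    tok = issue_token("client-b", "https://rs2.example.com")
    print(accept_token(tok, "https://rs2.example.com")["aud"])
```

With a single registered audience (client-a) the request needs no audience at all, which is the registration-bound case; client-b must name one per request, and a token minted for rs2 is refused at rs1.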